Bug 2217335

Summary: dnscrypt-proxy auto-enables itself after installation
Product: [Fedora] Fedora Reporter: Petr Menšík <pemensik>
Component: dnscrypt-proxyAssignee: Robert-André Mauchin 🐧 <eclipseo>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 39CC: davide, eclipseo, epel-packagers-sig, go-sig
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: dnscrypt-proxy-2.1.5-1.fc39 dnscrypt-proxy-2.1.1-8.fc37 dnscrypt-proxy-2.1.1-8.fc38 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-10-03 00:17:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Menšík 2023-06-26 05:45:34 UTC 
I have installed dnscrypt-proxy to look into its documentation. I were using unbound+dnssec-trigger and wanted it to continue. But after a reboot my configuration were broken and VPN redirection did not work. I have found that happened because dnscrypt-proxy has a custom way to auto-enable itself on installation. I do not think this is allowed by packaging guidelines.

Reproducible: Always

Steps to Reproduce:
1. dnf install unbound dnssec-trigger
2. dnf enable --now dnssec-triggerd
3. dnf install dnscrypt-proxy
4. reboot
Actual Results:  
my explicitly configured unbound has failed to startup, because there is different service listening on the same port already. I have never chosen to replace that by dnscrypt-proxy.

Expected Results:  
The service is enabled only manually, by usual configuration via systemctl:
systemctl enable --now dnscrypt-proxy

Fedora allows auto-enabled services only when they do not modify other services. That does not happen directly, but by listening on common domain port on 127.0.0.1 it effectively does. If it used alternative localhost address it might be okay. But it must not as it is now.

This service has not a FESCo ticket required to be enabled by default:
https://src.fedoraproject.org/rpms/fedora-release/blob/rawhide/f/90-default.preset

I do not think it passes guidelines:
https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_enabling_services_by_default

It also does not use systemd macros, which I think it should use:
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd
Comment 1 Davide Cavalca 2023-06-26 07:27:17 UTC 
Yup, this needs to be fixed. This package was recently orphaned and I picked it up, will try and get this sorted out on the next update (hopefully) soon.
Comment 2 Fedora Release Engineering 2023-08-16 08:11:22 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.
Comment 3 Fedora Update System 2023-09-24 08:56:30 UTC 
FEDORA-2023-fd8de8b367 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-fd8de8b367
Comment 4 Fedora Update System 2023-09-24 09:27:39 UTC 
FEDORA-2023-0a1ef0ef74 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-0a1ef0ef74
Comment 5 Fedora Update System 2023-09-24 09:54:42 UTC 
FEDORA-2023-6c6700154a has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-6c6700154a
Comment 6 Fedora Update System 2023-09-25 01:15:21 UTC 
FEDORA-2023-fd8de8b367 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-fd8de8b367`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-fd8de8b367

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2023-09-25 01:33:37 UTC 
FEDORA-2023-6c6700154a has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-6c6700154a`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-6c6700154a

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Fedora Update System 2023-09-25 01:44:25 UTC 
FEDORA-2023-0a1ef0ef74 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-0a1ef0ef74`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-0a1ef0ef74

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 9 Fedora Update System 2023-10-03 00:17:32 UTC 
FEDORA-2023-fd8de8b367 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 Fedora Update System 2023-10-03 00:43:21 UTC 
FEDORA-2023-6c6700154a has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 11 Fedora Update System 2023-10-03 02:22:08 UTC 
FEDORA-2023-0a1ef0ef74 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.